Parse network and client from authzid. Tests will be in future commit

2026-03-28 17:42:41 +01:00 · 2025-02-24 09:21:30 +00:00
parent ed20d489b6
commit 8778a2bb5d
4 changed files with 32 additions and 11 deletions
--- a/include/znc/Client.h
+++ b/include/znc/Client.h
@@ -258,14 +258,25 @@ class CClient : public CIRCSocket {
    void AcceptSASLLogin(CUser& User);
    /** Start potentially asynchronous process of checking the credentials.
     * When finished, will send the success/failure SASL numerics to the
-     * client. This is mostly useful for SASL PLAIN. */
-    void StartSASLPasswordCheck(const CString& sUser, const CString& sPassword);
+     * client. This is mostly useful for SASL PLAIN.
+     * sAuthorizationId is internally passed through ParseUser() to extract
+     * network and client id.
+     * Currently sUser should match the username from
+     * sAuthorizationId: either in full, or just the username part; but in a
+     * future version we may add an ability to actually login as a different
+     * user, but with your password.
+     */
+    void StartSASLPasswordCheck(const CString& sUser, const CString& sPassword,
+                                const CString& sAuthorizationId);
+    /** Gathers username, client id, network name, if present. Returns username
+     * cleaned from client id and network name.
+     */
+    CString ParseUser(const CString& sAuthLine);

  private:
    void HandleCap(const CMessage& Message);
    void RespondCap(const CString& sResponse);
    void ParsePass(const CString& sAuthLine);
-    void ParseUser(const CString& sAuthLine);
    void ParseIdentifier(const CString& sAuthLine);

    template <typename T>
@@ -322,6 +333,7 @@ class CClient : public CIRCSocket {
    CIRCNetwork* m_pNetwork;
    CString m_sNick;
    CString m_sPass;
+    // User who didn't necessarily login yet, or might not even exist.
    CString m_sUser;
    CString m_sNetwork;
    CString m_sIdentifier;
--- a/include/znc/Modules.h
+++ b/include/znc/Modules.h
@@ -1388,6 +1388,9 @@ class CModule {
     * GetClient()->SendSASLChallenge(), or reject authentication by calling
     * GetClient()->RefuseSASLLogin(), or accept it by calling
     * GetClient()->AcceptSASLLogin().
+     * At some point before accepting the login, you should call
+     * GetClient()->ParseUser(authz-id) to let it know the network name to
+     * attach to and the client id.
     * @param sMechanism The SASL mechanism selected by the client.
     * @param sMessage The SASL opaque value/credentials sent by the client,
     * after debase64ing and concatenating if it was split.